test/suite-capture.sh

   1 #!/bin/bash
   2 #
   3 # Test the capture engine of the Wireshark tools
   4 #
   5 # $Id$
   6 #
   7 # Wireshark - Network traffic analyzer
   8 # By Gerald Combs <gerald@wireshark.org>
   9 # Copyright 2005 Ulf Lamping
  10 #
  11 # This program is free software; you can redistribute it and/or
  12 # modify it under the terms of the GNU General Public License
  13 # as published by the Free Software Foundation; either version 2
  14 # of the License, or (at your option) any later version.
  15 #
  16 # This program is distributed in the hope that it will be useful,
  17 # but WITHOUT ANY WARRANTY; without even the implied warranty of
  18 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  19 # GNU General Public License for more details.
  20 #
  21 # You should have received a copy of the GNU General Public License
  22 # along with this program; if not, writeto the Free Software
  23 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
  24 #
  25
  26
  27 # common exit status values
  28 EXIT_OK=0
  29 EXIT_COMMAND_LINE=1
  30 EXIT_ERROR=2
  31
  32 capture_test_output_print() {
  33         wait
  34         for f in "$@"; do
  35                 if [[ -f "$f" ]]; then
  36                 printf " --> $f\n"
  37                 cat "$f"
  38                 printf "\n"
  39                 fi
  40         done
  41 }
  42
  43 traffic_gen_ping() {
  44         # Generate some traffic for quiet networks.
  45         # This will have to be adjusted for non-Windows systems.
  46 ##      ping -n 20 www.wireshark.org > /dev/null 2>&1 &
  47
  48         { date; ping -n 20 www.wireshark.org; date; } > ./testout_ping.txt 2>&1 &
  49 }
  50
  51 ping_cleanup() {
  52         wait
  53         rm -f ./testout_ping.txt
  54 }
  55
  56 # capture exactly 10 packets
  57 capture_step_10packets() {
  58         if [ "$WS_SYSTEM" != "Windows" ] ; then
  59                 test_step_skipped
  60                 return
  61         fi
  62
  63         traffic_gen_ping
  64
  65         date > ./testout.txt
  66         $DUT -i $TRAFFIC_CAPTURE_IFACE $TRAFFIC_CAPTURE_PROMISC \
  67                 -w ./testout.pcap \
  68                 -c 10  \
  69                 -a duration:$TRAFFIC_CAPTURE_DURATION \
  70                 -f icmp \
  71                 >> ./testout.txt 2>&1
  72         RETURNVALUE=$?
  73         date >> ./testout.txt
  74         if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
  75                 echo
  76                 capture_test_output_print ./testout.txt
  77                 # part of the Prerequisite checks
  78                 # wrong interface ? output the possible interfaces
  79                 $TSHARK -D
  80                 test_step_failed "exit status of $DUT: $RETURNVALUE"
  81                 return
  82         fi
  83
  84         # we should have an output file now
  85         if [ ! -f "./testout.pcap" ]; then
  86         capture_test_output ./testout.txt
  87                 test_step_failed "No output file!"
  88                 return
  89         fi
  90
  91         # ok, we got a capture file, does it contain exactly 10 packets?
  92         $CAPINFOS ./testout.pcap > ./testout2.txt
  93         grep -i 'Number of packets: 10' ./testout2.txt > /dev/null
  94         if [ $? -eq 0 ]; then
  95                 test_step_ok
  96         else
  97                 echo
  98                 capture_test_output_print ./testout_ping.txt ./testout.txt ./testout2.txt
  99                 # part of the Prerequisite checks
 100                 # probably wrong interface, output the possible interfaces
 101                 $TSHARK -D
 102                 test_step_failed "No or not enough traffic captured. Probably the wrong interface: $TRAFFIC_CAPTURE_IFACE!"
 103         fi
 104 }
 105
 106 # capture exactly 10 packets using "-w -" (piping to stdout)
 107 capture_step_10packets_stdout() {
 108         if [ "$WS_SYSTEM" != "Windows" ] ; then
 109                 test_step_skipped
 110                 return
 111         fi
 112
 113         traffic_gen_ping
 114
 115         date > ./testout.txt
 116         $DUT -i $TRAFFIC_CAPTURE_IFACE $TRAFFIC_CAPTURE_PROMISC \
 117                 -c 10 \
 118                 -a duration:$TRAFFIC_CAPTURE_DURATION \
 119                 -w - \
 120                 -f icmp \
 121                 > ./testout.pcap 2>>./testout.txt
 122         RETURNVALUE=$?
 123         date >> ./testout.txt
 124         if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
 125                 echo
 126                 cat ./testout.txt
 127                 $TSHARK -D
 128                 test_step_failed "exit status of $DUT: $RETURNVALUE"
 129                 return
 130         fi
 131
 132         # we should have an output file now
 133         if [ ! -f "./testout.pcap" ]; then
 134                 test_step_failed "No output file!"
 135                 return
 136         fi
 137
 138         # ok, we got a capture file, does it contain exactly 10 packets?
 139         $CAPINFOS ./testout.pcap > ./testout2.txt 2>&1
 140         grep -i 'Number of packets: 10' ./testout2.txt > /dev/null
 141         if [ $? -eq 0 ]; then
 142                 test_step_ok
 143         else
 144                 echo
 145                 cat ./testout.txt
 146                 cat ./testout2.txt
 147                 $TSHARK -D
 148                 test_step_failed "No or not enough traffic captured. Probably the wrong interface: $TRAFFIC_CAPTURE_IFACE!"
 149         fi
 150 }
 151
 152 # capture packets via a fifo
 153 capture_step_fifo() {
 154         mkfifo 'fifo'
 155         (cat $CAPFILE; sleep 1; tail -c +25 $CAPFILE) > fifo &
 156         $DUT -i fifo $TRAFFIC_CAPTURE_PROMISC \
 157                 -w ./testout.pcap \
 158                 -a duration:$TRAFFIC_CAPTURE_DURATION \
 159                 > ./testout.txt 2>&1
 160         RETURNVALUE=$?
 161         rm 'fifo'
 162         if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
 163                 test_step_failed "exit status of $DUT: $RETURNVALUE"
 164                 return
 165         fi
 166
 167         # we should have an output file now
 168         if [ ! -f "./testout.pcap" ]; then
 169                 test_step_failed "No output file!"
 170                 return
 171         fi
 172
 173         # ok, we got a capture file, does it contain exactly 8 packets?
 174         $CAPINFOS ./testout.pcap > ./testout.txt
 175         grep -i 'Number of packets: 8' ./testout.txt > /dev/null
 176         if [ $? -eq 0 ]; then
 177                 test_step_ok
 178         else
 179                 echo
 180                 cat ./testout.txt
 181                 test_step_failed "No or not enough traffic captured."
 182         fi
 183 }
 184
 185 # capture exactly 2 times 10 packets (multiple files)
 186 capture_step_2multi_10packets() {
 187         if [ "$WS_SYSTEM" != "Windows" ] ; then
 188                 test_step_skipped
 189                 return
 190         fi
 191
 192         traffic_gen_ping
 193
 194         date > ./testout.txt
 195         $DUT -i $TRAFFIC_CAPTURE_IFACE $TRAFFIC_CAPTURE_PROMISC \
 196                 -w ./testout.pcap \
 197                 -c 10 \
 198                 -a duration:$TRAFFIC_CAPTURE_DURATION \
 199                 -f icmp \
 200                 >> ./testout.txt 2>&1
 201
 202         RETURNVALUE=$?
 203         date >> ./testout.txt
 204         if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
 205                 echo
 206                 cat ./testout.txt
 207                 # part of the Prerequisite checks
 208                 # probably wrong interface, output the possible interfaces
 209                 $TSHARK -D
 210                 test_step_failed "exit status of $DUT: $RETURNVALUE"
 211                 return
 212         fi
 213
 214         # we should have an output file now
 215         if [ ! -f "./testout.pcap" ]; then
 216                 test_step_failed "No output file!"
 217                 return
 218         fi
 219
 220         # ok, we got a capture file, does it contain exactly 10 packets?
 221         $CAPINFOS ./testout.pcap > ./testout.txt
 222         grep -i 'Number of packets: 10' ./testout.txt > /dev/null
 223         if [ $? -eq 0 ]; then
 224                 test_step_ok
 225         else
 226                 echo
 227                 cat ./testout.txt
 228                 test_step_failed "Probably the wrong interface (no traffic captured)!"
 229         fi
 230 }
 231
 232 # capture with a very unlikely read filter, packets must be zero afterwards
 233 capture_step_read_filter() {
 234         if [ "$WS_SYSTEM" != "Windows" ] ; then
 235                 test_step_skipped
 236                 return
 237         fi
 238
 239         traffic_gen_ping
 240
 241         # valid, but very unlikely filter
 242         date > ./testout.txt
 243         $DUT -i $TRAFFIC_CAPTURE_IFACE $TRAFFIC_CAPTURE_PROMISC \
 244                 -w ./testout.pcap \
 245                 -a duration:$TRAFFIC_CAPTURE_DURATION \
 246                 -R 'dcerpc.cn_call_id==123456' \
 247                 -c 10 \
 248                 -f icmp \
 249                 >> ./testout.txt 2>&1
 250         RETURNVALUE=$?
 251         date >> ./testout.txt
 252         if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
 253                 echo
 254                 cat ./testout.txt
 255                 # part of the Prerequisite checks
 256                 # wrong interface ? output the possible interfaces
 257                 $TSHARK -D
 258                 test_step_failed "exit status: $RETURNVALUE"
 259                 return
 260         fi
 261
 262         # we should have an output file now
 263         if [ ! -f "./testout.pcap" ]; then
 264                 test_step_failed "No output file!"
 265                 return
 266         fi
 267
 268         # ok, we got a capture file, does it contain exactly 0 packets?
 269         $CAPINFOS ./testout.pcap > ./testout.txt
 270         grep -i 'Number of packets: 0' ./testout.txt > /dev/null
 271         if [ $? -eq 0 ]; then
 272                 test_step_ok
 273         else
 274                 echo
 275                 cat ./testout.txt
 276                 test_step_failed "Capture file should contain zero packets!"
 277         fi
 278 }
 279
 280
 281 # capture with a snapshot length
 282 capture_step_snapshot() {
 283         if [ "$WS_SYSTEM" != "Windows" ] ; then
 284                 test_step_skipped
 285                 return
 286         fi
 287
 288         traffic_gen_ping
 289
 290         # capture with a snapshot length of 68 bytes for $TRAFFIC_CAPTURE_DURATION seconds
 291         # this should result in no packets
 292         date > ./testout.txt
 293         $DUT -i $TRAFFIC_CAPTURE_IFACE $TRAFFIC_CAPTURE_PROMISC \
 294                 -w ./testout.pcap \
 295                 -s 68 \
 296                 -a duration:$TRAFFIC_CAPTURE_DURATION \
 297                 -f icmp \
 298                 >> ./testout.txt 2>&1
 299         RETURNVALUE=$?
 300         date >> ./testout.txt
 301         if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
 302                 echo
 303                 cat ./testout.txt
 304                 # part of the Prerequisite checks
 305                 # wrong interface ? output the possible interfaces
 306                 $TSHARK -D
 307                 test_step_failed "exit status: $RETURNVALUE"
 308                 return
 309         fi
 310
 311         # we should have an output file now
 312         if [ ! -f "./testout.pcap" ]; then
 313                 test_step_failed "No output file!"
 314                 return
 315         fi
 316
 317         # use tshark to filter out all packets, which are larger than 68 bytes
 318         $TSHARK -r ./testout.pcap -w ./testout2.pcap -R 'frame.cap_len>68' > ./testout.txt 2>&1
 319
 320         # ok, we got a capture file, does it contain exactly 0 packets?
 321         $CAPINFOS ./testout2.pcap > ./testout.txt
 322         grep -i 'Number of packets: 0' ./testout.txt > /dev/null
 323         if [ $? -eq 0 ]; then
 324                 test_step_ok
 325         else
 326                 echo
 327                 cat ./testout.txt
 328                 test_step_failed "Capture file should contain zero packets!"
 329                 return
 330         fi
 331 }
 332
 333 wireshark_capture_suite() {
 334         # Q: quit after cap, k: start capture immediately
 335         DUT="$WIRESHARK -Q -k"
 336         test_step_add "Capture 10 packets" capture_step_10packets
 337         # piping to stdout doesn't work with Wireshark and capturing!
 338         #test_step_add "Capture 10 packets using stdout: -w -" capture_step_10packets_stdout
 339         # read filter doesn't work with Wireshark and capturing!
 340         #test_step_add "Capture read filter (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_read_filter
 341         test_step_add "Capture snapshot length 68 bytes (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_snapshot
 342 }
 343
 344 tshark_capture_suite() {
 345         DUT=$TSHARK
 346         test_step_add "Capture 10 packets" capture_step_10packets
 347         test_step_add "Capture 10 packets using stdout: -w -" capture_step_10packets_stdout
 348         if [ $TEST_FIFO ]; then
 349                 test_step_add "Capture via fifo" capture_step_fifo
 350         fi
 351         test_step_add "Capture read filter (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_read_filter
 352         test_step_add "Capture snapshot length 68 bytes (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_snapshot
 353 }
 354
 355 dumpcap_capture_suite() {
 356         #DUT="$DUMPCAP -Q"
 357         DUT=$DUMPCAP
 358         test_step_add "Capture 10 packets" capture_step_10packets
 359         test_step_add "Capture 10 packets using stdout: -w -" capture_step_10packets_stdout
 360         if [ $TEST_FIFO ]; then
 361                 test_step_add "Capture via fifo" capture_step_fifo
 362         fi
 363         # read (display) filters intentionally doesn't work with dumpcap!
 364         #test_step_add "Capture read filter (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_read_filter
 365         test_step_add "Capture snapshot length 68 bytes (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_snapshot
 366 }
 367
 368 capture_cleanup_step() {
 369         ping_cleanup
 370         rm -f ./testout.txt
 371         rm -f ./testout2.txt
 372         rm -f ./testout.pcap
 373         rm -f ./testout2.pcap
 374 }
 375
 376 capture_suite() {
 377         test_step_set_pre capture_cleanup_step
 378         test_step_set_post capture_cleanup_step
 379         test_remark_add "Capture - need some traffic on interface: \"$TRAFFIC_CAPTURE_IFACE\""
 380         test_suite_add "TShark capture" tshark_capture_suite
 381 ##      test_suite_add "Wireshark capture" wireshark_capture_suite
 382         test_suite_add "Dumpcap capture" dumpcap_capture_suite
 383 }